From d58685dc63da77fbe88da9df7f7ec13575640263 Mon Sep 17 00:00:00 2001 From: "sangwan.kwon" Date: Tue, 27 Sep 2016 21:02:42 +0900 Subject: Add flag and logic on xmldsig for proxy-validator * Added flag : XMLSEC_DSIG_FLAGS_SKIP_PROXY Change-Id: I868067b163c83acfa52e5ad9486f73dd781f0cbc Signed-off-by: sangwan.kwon --- src/xmldsig.c | 73 +++++++++++++++++++++++++++++++---------------------------- 1 file changed, 39 insertions(+), 34 deletions(-) (limited to 'src') diff --git a/src/xmldsig.c b/src/xmldsig.c index db33058e..61b3024a 100644 --- a/src/xmldsig.c +++ b/src/xmldsig.c @@ -965,53 +965,59 @@ xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferen return(-1); } - /* TIZEN CUTUMIZED : check proxy caches for partial mode */ - if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_CHECK_PROXY) != 0) { - int isInProxy = 0; - if(dsigCtx->proxyCtxPtr != NULL) { - xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI); - if(refUri == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - return(-1); - } - + /* TIZEN CUTUMIZED : check proxy context */ + int isInProxy = 0; + if(dsigCtx->proxyCtxPtr != NULL) { + xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI); + if(refUri == NULL) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, - XMLSEC_ERRORS_MAX_NUMBER, - "Start to search reference on proxy : %s.", - refUri); - - xmlSecProxyCtxPtr pc = dsigCtx->proxyCtxPtr; - while(pc != NULL) { - if(xmlSecDecodeCmp(refUri, pc->cache) == 0) { - isInProxy = 1; - break; - } - pc = pc->next; + XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } + + xmlSecProxyCtxPtr pc = dsigCtx->proxyCtxPtr; + while(pc != NULL) { + if(xmlSecDecodeCmp(refUri, pc->cache) == 0) { + isInProxy = 1; + break; } - } else { - /* if proxy is not exist, process references */ + pc = pc->next; + } + } else { + /* if proxy is not exist, process references */ + xmlSecError(XMLSEC_ERRORS_HERE, + NULL, + NULL, + XMLSEC_ERRORS_MAX_NUMBER, + "Proxy doesn't exist."); + } + + /* TIZEN CUTUMIZED : check uri only in proxy caches for partial mode */ + if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_CHECK_PROXY) != 0) { + /* if not exist on proxy, skip on processing references */ + if(isInProxy == 0) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_MAX_NUMBER, - "Proxy doesn't exist."); - isInProxy = 1; + "Skip %s on processing references.", + xmlGetProp(cur, xmlSecAttrURI)); + continue; } + } - /* if not exist on proxy, skip on processing references */ - if(isInProxy == 0) { + /* TIZEN CUTUMIZED : skip uri proxy caches for proxy-validator */ + if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_SKIP_PROXY) != 0) { + if(isInProxy) { xmlSecError(XMLSEC_ERRORS_HERE, NULL, NULL, XMLSEC_ERRORS_MAX_NUMBER, - "Skip %s on processing references.", + "Already checked refs by proxy-validator : %s", xmlGetProp(cur, xmlSecAttrURI)); continue; } @@ -1063,7 +1069,6 @@ xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferen return(0); } - static int xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { int ret; -- cgit v1.2.3